CVE-2025-13604 is a stored Cross-Site Scripting (XSS) vulnerability identified in the WordPress plugin 'Login Security, FireWall, Malware removal by CleanTalk,' affecting all versions up to and including 2.168. The vulnerability stems from insufficient sanitization and escaping of the page URL input, which allows unauthenticated attackers to inject arbitrary JavaScript code into pages generated by the plugin. When a user accesses a page containing the injected script, the malicious code executes in the context of the victim's browser, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the user. The CVSS 3.1 base score of 7.2 reflects a high severity, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N). The scope is changed (S:C), indicating that the vulnerability affects resources beyond the initially vulnerable component, and it impacts confidentiality and integrity but not availability. No known exploits have been reported in the wild yet, but the vulnerability's characteristics make it a prime candidate for exploitation once weaponized. The plugin is widely used in WordPress environments for security and malware protection, increasing the potential attack surface. The lack of available patches at the time of publication necessitates immediate mitigation efforts by administrators.

For European organizations, this vulnerability poses a significant risk to the confidentiality and integrity of web applications using the affected CleanTalk plugin. Attackers can exploit the stored XSS to steal session cookies, enabling account takeover or unauthorized access to sensitive data. This can lead to data breaches, reputational damage, and compliance violations under regulations such as GDPR. The vulnerability's ability to execute without authentication or user interaction increases the likelihood of automated exploitation campaigns. Organizations relying on WordPress for customer-facing websites, e-commerce platforms, or internal portals are particularly vulnerable. The disruption caused by compromised user sessions or injected malicious content can also affect business continuity and customer trust. Given the widespread use of WordPress in Europe, the potential scale of impact is considerable, especially in countries with large digital economies and extensive web presence.

1. Monitor for official patches or updates from CleanTalk and apply them immediately once released. 2. In the absence of patches, implement Web Application Firewalls (WAFs) with robust XSS detection and blocking capabilities to filter malicious payloads targeting the vulnerable plugin. 3. Deploy strict Content Security Policies (CSP) to restrict the execution of unauthorized scripts on affected web pages. 4. Conduct thorough code reviews and input validation enhancements if custom modifications exist around the plugin. 5. Regularly audit WordPress plugins and themes for vulnerabilities and maintain an up-to-date inventory to prioritize patching. 6. Educate site administrators and developers about the risks of stored XSS and safe coding practices. 7. Consider isolating or disabling the vulnerable plugin temporarily if mitigation controls cannot be immediately implemented. 8. Monitor web server and application logs for suspicious URL parameters or unusual script injections to detect potential exploitation attempts early.